CVE-2025-7005
Description
A malformed PE file triggers uncontrolled recursion in Gen Digital antivirus scanning, crashing the process on Windows, macOS, and Linux.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Uncontrolled recursion vulnerability in the portable executable (PE) file scanner used by Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus. When the scanner processes a specially crafted malformed Windows PE file, the recursive logic does not terminate, leading to a stack overflow or excessive resource consumption. The issue affects all platforms (Windows, macOS, Linux) running virus definition builds before VPS 25031700. The vulnerable scanning code is delivered via the shared Gen Digital virus definition update stream [1].
Exploitation
An attacker must deliver a malformed PE file to a system running an affected product at a vulnerable definition level. No authentication or special privileges are required; the file could arrive through email, a web download, or any other means that triggers an on-access or on-demand scan. The scanner's recursive unpacking or parsing of the malformed PE structure consumes excessive stack or memory, causing the antivirus process to hang or crash.
Impact
Successful exploitation causes a denial of service (DoS) of the antivirus process. The scanner becomes unresponsive or terminates, leaving the system temporarily unprotected until the process is automatically restarted or manually relaunched. The crash does not grant code execution or privilege escalation; the effect is limited to loss of real-time protection until recovery.
Mitigation
The fix is distributed automatically through the Gen Digital virus definition update stream. Installations at or above VPS 25031700 are not vulnerable [1]. Users should ensure that automatic updates are enabled. No manual workaround exists beyond updating definitions. The advisory does not indicate any addition to the CISA KEV catalog.
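The defensive pattern that the advisory's fix implies is a recursion bound: a parser that refuses to follow a cyclic or over-deep structure instead of walking it until the stack is exhausted. The following is an added example, not the vendor's scanner or code from the advisory; the PE resource directory is chosen here as a typical recursion site (the advisory does not name which structure was involved), its IMAGE_RESOURCE_DIRECTORY byte layout is the real one, and MAX_DEPTH, MalformedResourceTree and the three sample blobs are constructed for illustration.

```python
"""Bounded walk of a PE resource directory tree (added example, not Gen Digital code).
Layout follows IMAGE_RESOURCE_DIRECTORY; depth cap, error type and samples are constructed."""
import struct

MAX_DEPTH = 8             # legitimate trees are three levels deep (type/name/language)
SUBDIR_FLAG = 0x80000000  # bit 31 of OffsetToData: entry points to a subdirectory


class MalformedResourceTree(ValueError):
    """Raised instead of recursing into a cyclic or over-deep tree."""


def walk_resources(section, offset=0, depth=0, path=None):
    """Return leaf data-entry offsets under the directory at `offset`. A directory
    already on the current path (a cycle) or a path deeper than MAX_DEPTH is reported
    as malformed; without these checks the walk recurses until the stack is gone."""
    path = set() if path is None else path
    if depth > MAX_DEPTH:
        raise MalformedResourceTree(f"depth {depth} exceeds {MAX_DEPTH}")
    if offset in path or offset + 16 > len(section):
        raise MalformedResourceTree(f"cyclic or out-of-bounds directory at {offset:#x}")
    path.add(offset)
    named, ids = struct.unpack_from("<HH", section, offset + 12)  # entry counts
    leaves = []
    for i in range(named + ids):
        pos = offset + 16 + 8 * i
        if pos + 8 > len(section):
            raise MalformedResourceTree(f"entry {i} at {pos:#x} out of bounds")
        _name, target = struct.unpack_from("<II", section, pos)
        if target & SUBDIR_FLAG:
            leaves += walk_resources(section, target & ~SUBDIR_FLAG, depth + 1, path)
        else:
            leaves.append(target)
    path.discard(offset)
    return leaves


def scan(section):
    """Classify a section as ('ok', leaves) or ('malformed', reason); never crashes."""
    try:
        return "ok", walk_resources(section)
    except MalformedResourceTree as exc:
        return "malformed", str(exc)


def build_directory(entries):
    """Encode one 16-byte directory header plus its 8-byte (name, offset) entries."""
    header = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(entries))
    return header + b"".join(struct.pack("<II", n, t) for n, t in entries)


# Constructed samples: valid two-level tree; root pointing back at itself; 13-deep chain.
GOOD_TREE = build_directory([(1, SUBDIR_FLAG | 24)]) + build_directory([(0x409, 0x1000)])
CYCLIC_TREE = build_directory([(1, SUBDIR_FLAG | 0)])
DEEP_CHAIN = b"".join(build_directory([(1, SUBDIR_FLAG | 24 * (i + 1))])
                      for i in range(12)) + build_directory([(0, 0x2000)])
```

Running `scan` over the three samples returns one `ok` result and two `malformed` verdicts; removing the `path` and `depth` checks turns the last two into a RecursionError, which is the failure mode the advisory describes.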
AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < VPS 25031700
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE. Vulnerability mechanics are only generated when we can read the actual fix diff; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.